Woebot Labs & GDPR

In 2016 the EU announced it’s plans for making companies responsible for user data protections of all EU citizens, regardless of where the company resides geographically.

At Woebot Labs, rooted in scientist-practitioner philosophies, has been preparing for full compliance by May 2018., and and we can say it has been an exceptionally validating and dare I say it, even, enjoyable process. Here’s why… Yes, validating and enjoyable.

GDPR is different than HIPAA

What makes EU’s General Data Protection Regulation (GDPR) stand apart from the United States’ Health Insurance Portability and Accountability Act (HIPAA) is that the former is a fundamentally person-centered approach. Much of this is owed to how GDPR was developed - beginning with European legislators seeking to understand the privacy issues that concern their citizens, and their opinions on the bounds of privacy tolerance, from both an ideological and practical standpoint.

Whilst legislating for health privacy tech is a good idea, HIPAA focuses more on specific technical requirements than GDPR. It provides a clear roadmap for tech architecture that must be in place for minimal acceptable security standards, and is clearly interpretable and certainly helpful. One of my fears with HIPAA however, is that users can assume that just because something is “HIPAA compliant”, it is 100% trustworthy, but this isn’t always the case. HIPAA compliant software companies can still be vulnerable to hacks and to other vulnerabilities that may be overlooked get hacked, perhaps due to poor user-centered privacy design decisions.

GDPR law, in contrast, is founded upon user-centered principles which means that developers are forced to think through privacy by design at every level of development, and either change or defend their work flows from the position of putting people’s privacy first. Instead of simply checking-boxes, this elevates the conversation and it acknowledges the frank benefits of has fostered the kind of conversation th of a much higher standard of data protection.

Woebot is User-Centered

We are fortunate to have already developed Woebot was originally developed from a user-centered position. For example, upon user request Woebot can delete data and thus mirrors the GDPR principal referred to as “the right to be forgotten”. Also, our informed consent procedures during app-onboarding are borrowed from best practice for human-centered research.

Leading the Way…

Indeed, GDPR moves away from a perception that there is a “right” way of doing things versus a “wrong” way. Instead it forces a deeper, more nuanced level of design, grounded in sensible protection rather than prescription, imperative as new data-driven technologies come on stream, and can actually push the field further. And we think that is a very positive thing.

Documents & Details

What is GDPR
How will Woebot Labs be GDPR compliant
Privacy Policy and Terms of Service
Profile Deletion
Profile Transfer
GDPR Report
Contact Woebot Labs